Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2019-06-17 | CVE-2019-11410 | OS Command Injection vulnerability in FusionPBX 4.4.3 | critical 9.0
app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.
network, low complexity, fusionpbx, CWE-78

2019-06-17 | CVE-2019-11409 | OS Command Injection vulnerability in FusionPBX 4.4.3 | 6.5
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host.
network, low complexity, fusionpbx, CWE-78

2019-06-17 | CVE-2019-12181 | OS Command Injection vulnerability in SolarWinds Serv-U FTP Server and Serv-U MFT Server | 8.8
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
network, low complexity, solarwinds, CWE-78

2019-06-15 | CVE-2019-12840 | OS Command Injection vulnerability in Webmin | critical 9.0
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
network, low complexity, webmin, CWE-78

2019-06-15 | CVE-2019-12839 | OS Command Injection vulnerability in OrangeHRM | 6.5
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
network, low complexity, orangehrm, CWE-78

2019-06-11 | CVE-2018-20841 | OS Command Injection vulnerability in HooToo TripMate Titan HT-TM05 Firmware 2.000.022/2.000.082 | critical 10.0
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.
network, low complexity, hootoo, CWE-78

2019-06-11 | CVE-2019-3412 | OS Command Injection vulnerability in ZTE MF920 Firmware | 7.5
All versions up to BD_R218V2.4 of the ZTE MF920 product are impacted by a command execution vulnerability.
network, low complexity, zte, CWE-78

2019-06-11 | CVE-2019-3409 | OS Command Injection vulnerability in ZTE WF820+ LTE Outdoor CPE Firmware | 6.5
All versions up to UKBB_WF820+_1.0.0B06 of the ZTE WF820+ LTE Outdoor CPE product are impacted by a command injection vulnerability.
network, low complexity, zte, CWE-78

2019-06-10 | CVE-2019-12780 | OS Command Injection vulnerability in Belkin Crock-Pot Smart Slow Cooker With Wemo Firmware | 7.5
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action.
network, low complexity, belkin, CWE-78

2019-06-07 | CVE-2018-10702 | OS Command Injection vulnerability in Moxa AWK-3121 Firmware 1.14 | 8.8
An issue was discovered on Moxa AWK-3121 1.14 devices.
network, low complexity, moxa, CWE-78